Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). The supported version that is affected is 11.1.2.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

Metrics

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Oracle
  • Access Manager

Configuration 1 [-]

cpe:2.3:a:oracle:access_manager:11.1.2.3.0:*:*:*:*:*:*:*

No data.

References
Link Providers
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html cve-icon cve-icon
http://www.securityfocus.com/bid/102562 cve-icon cve-icon
http://www.securitytracker.com/id/1040211 cve-icon cve-icon
History

Mon, 07 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2018-01-18T02:00:00

Updated: 2024-10-04T16:38:57.881Z

Reserved: 2017-06-21T00:00:00

Link: CVE-2017-10262

cve-icon Vulnrichment

Updated: 2024-08-05T17:33:16.938Z

cve-icon NVD

Status : Analyzed

Published: 2018-01-18T02:29:16.070

Modified: 2018-01-25T13:52:26.713

Link: CVE-2017-10262

cve-icon Redhat

No data.